Fail-safe storage options
New options promise faster recovery plus better data protection at headquarters and remote sites
Since the 2001 terrorist attacks and last year’s devastation caused by Hurricane Katrina, many in government have a renewed interest in technologies and strategies for supporting continuity-of-operations (COOP) plans. The emphasis extends beyond frontline homeland security agencies to other departments that must be able to deliver services after a crisis.
Regardless of an agency’s mission, a critical component of an effective COOP capability is the storage equipment that houses agency data and serves as a foundation for many government operations. Fortunately, more options are available for agencies seeking to boost their storage backup and disaster recovery strategies.
Many of the newer vendor offerings take advantage of the declining cost of disk storage and wide-area networking capabilities. To protect against site failure, agencies may opt for remote replication products and services. For production data, continuous data protection products allow agencies to create local copies of critical data for fast recovery. Various disk-to-disk backup scenarios vie to replace or supplement tape storage. Other solutions aim to protect data accumulating in satellite offices.
The different methods of minding an agency’s data aren’t mutually exclusive. Some continuous data protection offerings, for instance, provide mirroring capabilities, enabling a remote replication strategy. Industry executives contend that most organizations will eventually use more than one technique to preserve their information assets.
Agencies must choose a combination of capabilities depending on their objectives for the recovery time — how long it takes to restore systems to operational status — and the recovery point — how much time elapses between backups. Here are more details on four important methods.
Remote replication
Remote replication provides a disk-based disaster recovery capability. By using this approach, organizations create exact copies of data from a primary data center to a disk array at a distant site.
Interest in remote replication has grown since the 2001 terrorist attacks as government agencies revisit their COOP plans. The speed of disk-based recovery has lured some large data centers away from tape as the primary means of disaster recovery.
The Agriculture Department’s National Finance Center uses remote replication and tape, depending on the requirements of the business line it supports. If a business line’s recovery time objective is 24 hours or less, replication to disk is the method of choice.
“We cannot support those [recovery time objectives] with a tape-based recovery system, so we use mirroring technology,” said Gilbert Hawk, the center’s chief information officer. The center performs asynchronous, point-in-time replication every two hours between two storage-area networks (SANs).
Tape, meanwhile, provides disaster recovery protection for applications with longer recovery time objectives.
Tim Schilbach, network engineer at Apogen, said remote mirroring provides “an instantaneous point-in-time restore,” adding that tape is inefficient for rapidly restoring large volumes of data. The USDA hired Apogen last year to work on storage issues.
Hawk said the center’s disaster recovery approach worked as planned during Hurricane Katrina. “We were able to meet all of our recovery time objectives, based on the methodology we put in place,” he said.
But remote replication isn’t just for large organizations. The growing use of standard IP long-haul networks as the method for dispatching data has lowered the cost of the remote mirroring method. In the early days of mirroring, more expensive technologies, such as Synchronous Optical Network, provided the wide-area backbone.
“We’re seeing a lot of firms embrace IP,” said Steve Higgins, director of EMC's business continuity and information security practice. “Firms that you typically wouldn’t think of as doing remote replication are now doing it.”
Zophar Sante, vice president of marketing development at Sanrad, said smaller organizations have begun to consider remote replication, although adoption is far from widespread.
“The new thinking is, ‘Why don’t we replicate data to another site…instead of spooling to tape,’” Sante said.
Sanrad began shipping its Global Data Replication and Recovery product late last year, which is based on the Internet SCSI standard. Other IP-based mirroring solutions include DataCore Software’s disaster recovery package for its SANmelody product line. The product was announced in January.
One government agency employs a wireless variation of the IP theme. In Sheboygan County, Wis., the information systems department decided to use an existing wireless connection to replicate data. The county uses a Proxim Tsunami Wireless Ethernet Bridge to replicate data from a SAN in the county courthouse to a storage array in a building a mile away, said Joyce Schneider, information systems director for Sheboygan County.
The county continues to test the system. CDW Government was the prime contractor on the SAN project, and EMC served as a subcontractor. CommConnect handled the installation of the network component of the wireless bridge.
Virtual tape libraries
Virtual tape libraries (VTLs) offer a middle path for organizations that seek the speed of disk technology but aren’t ready to give up tape backup procedures.
Disks housed in a VTL emulate particular types of tape libraries and tape formats. VTLs easily integrate with most popular backup applications. Vendors say the approach eases the transition to disk because customers can use existing backup software and familiar backup policies. With VTLs, customers can obtain the fast backup and restore speeds of disk without disrupting time-tested backup methods, said Linda Mentzer, vice president of marketing at VTL vendor Sepaton.
“Customers spend years fine-tuning backup infrastructure,” Mentzer said.
Jay Livens, director of marketing at Sepaton, said the company tripled its revenue between 2004 and 2005 amid increasing demand for the technology. He said the average systems range from 20 to 30 terabytes.
Some VTL users may still want to create tapes for off-site storage as part of a COOP plan or long-term archiving program. Integrated and stand-alone VTLs offer two methods for doing this. An integrated VTL “has a connected tape drive and all the logic needed to send data to tape on its own,” said Stephen Foskett, director of strategy services at GlassHouse, a storage service provider.
A stand-alone VTL handles the disk-to-disk backup, ceding disk-to-tape chores to a customer’s backup software. Sepaton’s VTL uses the stand-alone mode, while vendors such as FalconStor Software offer integrated VTLs.
The integrated approach may simplify VTL implementation, Foskett said.
A stand-alone solution, on the other hand, provides a more unified index of an organization’s backups because it keeps track of files written to disk and tape, he added.
“Some integrated VTLs will import data into the backup system about their migration of files to tape, but users report that these systems sometimes duplicate tape ID numbers,” Foskett said. “I still prefer the tried-and-true method of using the backup software to keep track of tapes.” Customers can also pursue electronic vaulting instead of off-site tape storage. Sepaton announced a product in January that replicates data from one VTL to another via a wide-area network (WAN). Livens said 30 percent to 40 percent of Sepaton’s customer base is looking to implement this feature.
Transportable disk drives provide yet another flavor of tape mimicry. Olixir Technologies’ Mobile DataVault product line features shock-protected hard drives that can be rotated and stored off-site. Darshan Shah, president of Olixir, said most disk drives are “too fragile to be practical for off-site archiving.”
Olixir’s government customers include the Navy, Library of Congress and San Carlos, Calif. Shah said off-site archiving is a requirement for most of the government agencies the company has encountered.
Idealstor, meanwhile, markets backup appliances equipped with disks that can be removed and stored off-site. The Superior Court of California in Merced County has been using Idealstor appliances for about a year. The court switched from tape to disk for faster backup times. The product can back up the court’s largest database in an hour, as opposed to seven to eight hours using tape, said Brian Peterson, court information technology coordinator in Merced County. At the end of each week, IT workers eject the drives and move them off-site.
“We do it just like tapes,” he said.
Branch-office backup
Branch offices generally operate outside the centralized backup policies of the headquarters facility, but their data is no less important to an organization’s ability to continue operations after a disruption.
“The status quo is to back up locally on a tape autoloader in the branch,” said Alan Saldich, vice president of product marketing at Riverbed Technology. If branch employees do not follow proper backup procedures, they might lose or mishandle tapes, he said.
Wide-area file systems provide one solution. A WAFS appliance connects to PCs and servers and transmits branch-generated data via a WAN to a central facility for storage. Vendors take different approaches to accelerating data traffic on the WAN to speed backups.
Riverbed’s Steelhead appliance, which can handle WAFS duties, performs TCP/IP optimization and reduces the amount of data traversing the WAN. Steelhead appliances, residing at opposite ends of the WAN link, remove repetitive traffic through scalable data-referencing algorithms. For example, if someone attaches the same PDF file to 10 e-mail messages, it would only cross the network one time, Saldich said.
Tacit Networks also plays in the WAN optimization and WAFS arena. Noah Breslow, vice president of marketing and product management at Tacit Networks, said he views government as a highly distributed endeavor and one that is ripe for WAFS solutions.
He cited the case of a state insurance agency that operates offices in 160 counties. Tacit Networks is installing some evaluation units of its product at the agency, which seeks to consolidate backup operations in a single location.
Asigra offers a different option for multisite backup tasks. The company offers Televaulting for Enterprises, software a customer installs at the central data center and each remote site. The difference is that branch offices maintain local storage and replicate data to the central site. In the WAFS scenario, an appliance funnels data to the central site, eliminating local storage.
Eran Farajun, executive vice president of Asigra, said the company’s approach accommodates organizations that already have network-attached storage devices — or other forms of local storage — at remote locations. For those customers, televaulting “is closer to what they are doing today,” he said.
The Air Force Center for Environmental Excellence at Brooks City-Base, Texas, uses Asigra’s televaulting solution partially to protect data generated at various off-site locations. The organization operates regional environmental offices in San Francisco, Atlanta and Dallas and a project office in Cape Cod, Mass.
Ralph Miles, the center’s network administrator, said the organization backs up remote servers and desktop PCs via T1 lines to the headquarters data center. The televaulting solution encrypts and compresses data as it travels from remote sites to the data center.
Local replication and continuous data protection
Continuous data protection (CDP) products provide local replication to shield data from disturbances such as server crashes, user errors and viruses. The products capture every backup to a SAN, letting storage administrators revert to previous versions when they need to recover data.
Local replication can also take the form of periodic snapshots, which are point-in-time copies of data that enable recovery.
Systems administrators in Maine’s Labor Department, for example, use Network Appliance’s snapshot feature, part of the company’s storage operating system. The approach “allows us to have a certain number of real-time images of the file system…so we can recover a file using the snapshots,” said James Byther, senior technical support specialist at the department’s Office of Information Processing.
A major difference between the CDP and snapshot methods is CDP’s continuous nature, meaning that an organization using such a solution would have more recovery points than others that create a snapshot once every few hours. Rick Walsworth, vice president of marketing at Kashya, a CDP vendor, said the typical best practice is to create snapshots every three to six hours. Walsworth compares CDP to a movie, which someone could rewind to a desired point in time. CDP “is an enhancement of the existing backup mechanisms such as snapshots and split mirrors,” said Rajeev Bhardwaj, manager of product management for Cisco Systems’ Data Center and Storage Technology Group. “It provides continuous backup with a flexibility to restore data to any point in time.”
With CDP, organizations “get finely granular recovery points,” said Kirby Wadsworth, senior vice president of marketing and business development at Revivio, a CDP vendor.
CDP usually involves host-based software and a specialized appliance. In Kashya’s case, a splitter driver resides on a host computer. The driver “looks at every write that goes into the SAN” and sends a copy to the Kashya appliance, Walsworth said. The appliance creates a journal file of every write and creates a copy of the data on a separate array in the SAN. Administrators use the journal file to select the point in time from which they wish to recover data. They select that point from a single protected image maintained on the designated array.
That method underscores another difference between CDP and snapshot storage. The latter uses several images and thus involves more overhead, CDP adherents say. On the other hand, snapshots operate independently of hosts. A CDP product that offers only host software for Microsoft Windows servers has obvious limitations in heterogeneous environments.
Wadsworth said CDP quickly fixes problems such as accidental deletions and corrupt data. He said the technology works best for customers that have high-value data and short recovery windows. Techniques such as snapshots and daily backups may be reasonable in environments in which data doesn’t change often or isn’t of the highest value, he added.
Organizations can also use CDP products in disaster recovery. They can place Kashya’s CDP appliances at local and remote storage sites, and replication occurs via IP-based networks.
NEXT STORY: NIST releases revised card standards